CISSP : Certified Information Systems Security Professional : Part 13
-
An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue?
- Require the cloud IAM provider to use declarative security instead of programmatic authentication checks
- Integrate a Web-Application Firewall (WAF) in reverse-proxy mode in front of the service provider
- Apply Transport Layer Security (TLS) to the cloud-based authentication checks
- Install an on-premise Authentication Gateway Service (AGS) in front of the service provider
-
Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?
- Security Assertion Markup Language (SAML)
- Service Oriented Architecture (SOA)
- Extensible Markup Language (XML)
- Wireless Authentication Protocol (WAP)
-
Which item below is a federated identity standard?
- 802.11i
- Kerberos
- Lightweight Directory Access Protocol (LDAP)
- Security Assertion Markup Language (SAML)
-
Which of the following problems is not addressed by using Open Authorization Version 2 (OAuth2) to integrate a third-party Identity Provider (IdP) for a service?
- Resource servers are required to use passwords to authenticate end users
- Revocation of access of some users of the third-party instead of all the users from the third-party
- Compromise of the third-party means compromise of all the users in the service
- Guest users need to authenticate with the third-party IdP
-
An organization implements a Remote Access Server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication?
- Transport Layer Security (TLS)
- Message Digest 5 (MD5)
- Lightweight Extensible Authentication Protocol (LEAP)
- Subscriber Identity Module (SIM)
-
During a fingerprint verification process, which of the following is used to verify identity and authentication?
- A pressure value is compared with a stored template
- Sets of digits are matched with stored values
- A hash table is matched to a database of stored value
- A template of minutiae is compared with a stored template
-
In Identity Management (IdM), when is the verification stage performed?
- As part of system sign-on
- Before creation of the identity
- After revocation of the identity
- During authorization of the identity
-
For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?
- Access Control
- Account Management
- Authentication
- Authorization
-
What is the BEST way to establish identity over the Internet?
- Challenge Handshake Authentication Protocol (CHAP) and strong passwords
- Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens
- Internet Message Access Protocol (IMAP) with Triple Data Encryption Standard (3DES)
- Remote user authentication via Simple Object Access Protocol (SOAP)
-
Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control System Plus (TACACS+)
- Open Authorization (OAuth)
- Security Assertion Markup Language (SAML)
-
The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
- Two-factor authentication (2FA)
- Single sign-on (SSO)
- User self-service
- A metadirectory
-
Which of the following will accomplish Multi-Factor Authentication (MFA)?
- Issuing a smart card with a user-selected Personal Identification Number (PIN)
- Requiring users to enter a Personal Identification Number (PIN) and a password
- Performing a palm and retinal scan
- Issuing a smart card and a One Time Password (OTP) token
-
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
- Change management processes
- User administration procedures
- Operating System (OS) baselines
- System backup documentation
-
In which of the following programs is it MOST important to include the collection of security process data?
- Quarterly access reviews
- Security continuous monitoring
- Business continuity testing
- Annual security training
-
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?
- Host VM monitor audit logs
- Guest OS access controls
- Host VM access controls
- Guest OS audit logs
-
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
- Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
- Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
- Management teams will understand the testing objectives and reputational risk to the organization
- Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
-
Which of the following could cause a Denial of Service (DoS) against an authentication system?
- Encryption of audit logs
- No archiving of audit logs
- Hashing of audit logs
- Remote access audit logs
-
Which type of test would an organization perform in order to locate and target exploitable defects?
- Penetration
- System
- Performance
- Vulnerability
-
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
- To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
- To validate backup sites’ effectiveness
- To find out what does not work and fix it
- To create a high level DRP awareness among Information Technology (IT) staff
-
When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
- Ping testing
- Mapping tools
- Asset register
- Topology diagrams
Subscribe
0 Comments
Newest